Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Observations from Symantec’s Vision Conference

by Neil MacDonald  |  April 14, 2010

I spent the first part of this week at Symantec’s Vision Conference in Las Vegas. There is a lot going on across the various enterprise assets that Symantec owns – security, storage, and management. I focused primarily on the security sessions and announcements.

On the positive side of what I heard:

  • Symantec has taken the first step toward a unified architecture for its disparate product offerings with the Symantec Protection Center — a common portal providing single sign-on to the products proxied through it. Although it’s clear the products underneath come from different groups, each with a different look and feel, it’s a good veneer at this point, with tighter integration on the roadmap.
  • On the messaging and marketing side, Symantec talked quite a bit about the integration and convergence of IT operations and security, with longer-term roadmaps for better integration and sharing of information across its management and security assets. For now, the veneer provided by SPC above is the first step.
  • Symantec unveiled its Data Insight offering as an add-on to its DLP offering. Finally, an offering that combines Symantec’s file system expertise (from the acquisition of Veritas) with its security expertise in the form of DLP. Data Insight is targeted to help solve one of the biggest issues with DLP projects – identifying data owners via observed usage patterns.
  • Symantec had several cool proof-of-concept demonstrations of its workspace virtualization technology delivering a composite desktop using multiple layers, created by separating applications from the OS and user preferences from the OS and applications.

A few areas I observed that still need improvement:

  • Although Symantec is finally starting to talk about virtualization and security, it hasn’t made much meaningful progress. For example, even the basic ability to randomize and stagger scans for its Symantec Endpoint Protection antimalware client running on VDI servers is just now being added with its imminent SEP RU6. Its major competitors are ahead.
  • Noticeably absent is a solid application control/whitelisting capability. Point solutions from Bit9, CoreTrace, Lumension and others are filling a real gap in protection that many of the AV vendors haven’t addressed. Further, McAfee’s acquisition of Solidcore and integration into EPO has put the heat on Symantec to deliver.
  • Symantec did nothing to close its encryption gap. Sophos, Check Point and McAfee made their moves long ago. Symantec still needs its own technology that would span its security, messaging and storage offerings.

Overall, Symantec needed to show its customers why the various acquisitions it has made over the years make sense and why multiple products from Symantec work “better together”. After Enrique Salem’s first year, customers are finally starting to see this in shipping products.

Finally, the best quote I heard during the sessions came in a case study from a security professional from Continental Airlines discussing his company’s journey with the adoption of IT GRC and DLP technologies — “We were tool rich, but carpenter poor”.

Category: Beyond Anti-Virus Endpoint Protection Platform Virtualization Security

2 responses so far ↓

  • 1 Dmitry Shesterin   April 21, 2010 at 2:22 pm

    Dear Neil,

    Thank you for the assessment. I find this especially intriguing:

    Noticeably absent is a solid application control/whitelisting capability. Point solutions from Bit9, CoreTrace, Lumension and others are filling a real gap in protection that many of the AV vendors haven’t addressed. Further, McAfee’s acquisition of Solidcore and integration into EPO has put the heat on Symantec to deliver.

    Could you please share your perception of the sheer size of the application whitelisting / control market and if it is growing?

    I read with interest your “Application Control Market Update” of 2008. Do you plan to update this update?

    Thank you.
    Dmitry

  • 2 Neil MacDonald   April 27, 2010 at 12:40 pm

    Dmitry,

    We don’t break out application control/whitelisting as a separate market as we believe that over the next 3 years this capability will become a standard part of the endpoint protection platform offerings.

    The need is growing. The number of calls I take on this topic has more than doubled since the beginning of the year (Operation Aurora significantly raised the awareness of the need for application control).

    http://blogs.gartner.com/neil_macdonald/2010/01/21/another-lesson-from-the-ie-zero-day-attacks-on-google-the-power-of-whitelisting/

    Yes, I will be updating the application control market update note. In fact, for clients Mike Silver and I just published this toolkit to help clients choose between the multitude of vendors in the market:

    http://www.gartner.com/resId=1355923